97f7fe2dac15b04fcf3393845fbfd514

Sharing

Copy URL Twitter E-mail

General

Target

97f7fe2dac15b04fcf3393845fbfd514
Size

22KB
MD5

97f7fe2dac15b04fcf3393845fbfd514
SHA1

88cf286ab24d59bf105851e4d5a7e9522e891430
SHA256

937f5b7d40dc93eaf053bb16eb356da33387a30ba1677a5d75d21624cff00ca2
SHA512

2d3ec1e204d2ab8a61a0864b5562ada4853620e4b3a9a915bff507b362f31c604606fa9c36289998c0320ad9339a95a2dfb03c7e235b525b0dd0015d23edfb56
SSDEEP

384:P8+YdDoJLOjZ/WM+E7D2/dtqHMfbGYwHYeh3/b:PxYVELCnWtqHMfbS4eJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97f7fe2dac15b04fcf3393845fbfd514

Files

97f7fe2dac15b04fcf3393845fbfd514
.exe windows:5 windows x86 arch:x86

b673eaa8c6111fad4b7bc7134c6d1e33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateRegistryKey
NtCreateMutant
NtClose
strstr
NtOpenMutant
_stricmp
_strnicmp
NtQueryValueKey
RtlWriteRegistryValue
NtOpenKey
_memicmp
RtlRandom
strchr
_snwprintf
sscanf
RtlImageNtHeader
RtlImageDirectoryEntryToData
RtlEqualUnicodeString
NtQuerySystemInformation
LdrLoadDll
RtlInitUnicodeString
_snprintf
strncpy
memset
_chkstk
memcpy

shlwapi

PathFindFileNameA
PathMatchSpecA

wsock32

closesocket

wininet

HttpSendRequestA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetOpenA
InternetGetLastResponseInfoA
InternetConnectA
HttpQueryInfoA
InternetQueryOptionA
InternetCloseHandle
InternetCrackUrlA

kernel32

GetModuleHandleA
GetTempFileNameA
CreateProcessA
CreateProcessW
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
GetTempPathA
GetModuleFileNameA
GetExitCodeThread
CreateFileMappingA
ReadFile
GetFileAttributesA
TerminateThread
WriteFile
GetProcessHeap
GetTickCount
WaitForSingleObject
HeapFree
HeapAlloc
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
CreateFileA
HeapReAlloc
VirtualProtect
GetVersionExA
SetFileAttributesA
GetSystemWindowsDirectoryA
Sleep
GetVolumeInformationA
MoveFileExA
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
DeleteFileA
GetCurrentProcess
VirtualFree
CreateRemoteThread
OpenProcess
GetComputerNameA
VirtualAlloc
VirtualAllocEx
CloseHandle
WriteProcessMemory
VirtualFreeEx

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Exports

Exports

FileDownload
SetCmdDelay
SetRedirUrl

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.333
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b673eaa8c6111fad4b7bc7134c6d1e33

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wsock32

wininet

kernel32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.333 Size: 512B - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.333
Size: 512B - Virtual size: 4KB